rlm_perl and accounting
Pshem Kowalczyk
pshem.k at gmail.com
Tue Aug 29 05:04:57 CEST 2006
Hi
I've noticed this comment in the cvs log (for rlm_perl.c):
Over-write existing vp's with new ones.
This means that the Perl module works more like the other modules,
which have absolute power over the VP's, and less like the "users"
file, which updates the VP's via operators, etc
So I've compiled the source and gave it a try, but it behaved exactly
as the stable version - didn't replace nor removed any attributes. Is
this supposed to work?
I tested the pre and post proxy methods:
rad_recv: Access-Request packet from host 127.0.0.1 port 32785, id=96, length=62
User-Password = "test"
User-Name = "test"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-IP-Address = a.b.c.d
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
rlm_realm: No '@' in User-Name = "test", looking up realm NULL
rlm_realm: No such realm "NULL"
perl_pool: item 0x82013e0 asigned new request. Handled so far: 1
found interpetator at address 0x82013e0
rlm_perl: Added pair Framed-Protocol = PPP
rlm_perl: Added pair User-Name = test
rlm_perl: Added pair User-Password = test
rlm_perl: Added pair Service-Type = Framed-User
rlm_perl: Added pair NAS-IP-Address = a.b.c.d
rlm_perl: Added pair Proxy-To-Realm = quik
rlm_perl: Added pair Stripped-User-Name = test
perl_pool total/active/spare [32/0/32]
Unreserve perl at address 0x82013e0
modcall: group authorize returns ok for request 0
Processing the pre-proxy section of radiusd.conf
modcall: entering group pre-proxy for request 0
perl_pool: item 0x840f4e0 asigned new request. Handled so far: 1
found interpetator at address 0x840f4e0
rlm_perl: entering pre-proxy
rlm_perl: Added pair Framed-Protocol = PPP
rlm_perl: Added pair User-Name = testuser
rlm_perl: Added pair User-Password = test
rlm_perl: Added pair Service-Type = Framed-User
rlm_perl: Added pair Realm = quik
rlm_perl: Added pair NAS-IP-Address = a.b.c.d
rlm_perl: Added pair Stripped-User-Name = test
rlm_perl: Added pair Proxy-To-Realm = quik
rlm_perl: Added pair Framed-Protocol = PPP
rlm_perl: Added pair User-Name = test
rlm_perl: Added pair User-Password = test
rlm_perl: Added pair Proxy-State = 0x3936
rlm_perl: Added pair Service-Type = Framed-User
rlm_perl: Added pair Realm = quik
rlm_perl: Added pair NAS-IP-Address = a.b.c.d
perl_pool total/active/spare [32/0/32]
Unreserve perl at address 0x840f4e0
modcall: group pre-proxy returns updated for request 0
Sending Access-Request of id 197 to x.y.z.103 port 1812
Framed-Protocol = PPP
User-Name = "test"
User-Password = "test"
Proxy-State = 0x3936
Service-Type = Framed-User
NAS-IP-Address = a.b.c.d
--- Walking the entire request list ---
Waking up in 1 seconds...
rad_recv: Access-Accept packet from host x.y.z.103 port 1812, id=197, length=30
Framed-IP-Address = 192.168.1.65
Proxy-State = 0x3936
Processing the post-proxy section of radiusd.conf
modcall: entering group post-proxy for request 0
perl_pool: item 0x85f6b88 asigned new request. Handled so far: 1
found interpetator at address 0x85f6b88
rlm_perl: entering post-proxy
rlm_perl: Added pair Framed-Protocol = PPP
rlm_perl: Added pair User-Name = testuser
rlm_perl: Added pair User-Password = test
rlm_perl: Added pair Service-Type = Framed-User
rlm_perl: Added pair Realm = quik
rlm_perl: Added pair NAS-IP-Address = a.b.c.d
rlm_perl: Added pair Framed-IP-Address = 10.10.1.1
rlm_perl: Added pair Proxy-To-Realm = quik
rlm_perl: Added pair Stripped-User-Name = test
rlm_perl: Added pair Framed-Protocol = PPP
rlm_perl: Added pair User-Name = test
rlm_perl: Added pair User-Password = test
rlm_perl: Added pair Service-Type = Framed-User
rlm_perl: Added pair Proxy-State = 0x3936
rlm_perl: Added pair Realm = quik
rlm_perl: Added pair NAS-IP-Address = a.b.c.d
rlm_perl: Added pair Proxy-State = 0x3936
rlm_perl: Added pair Framed-IP-Address = 192.168.1.65
perl_pool total/active/spare [32/0/32]
Unreserve perl at address 0x85f6b88
modcall: group post-proxy returns updated for request 0
authorize: Skipping authorize in post-proxy stage
rad_check_password: Found Auth-Type
rad_check_password: Auth-Type = Accept, accepting the user
Sending Access-Accept of id 96 to 127.0.0.1 port 32785
Framed-IP-Address = 10.10.1.1
Framed-IP-Address = 192.168.1.65
Finished request 0
Going to the next request
Waking up in 1 seconds...
It looks like the content of the original hashes is still being kept.
perl code:
#add attributes to the request
sub sanitise {
my ($login,$realm) = split(/\@/, $RAD_REQUEST{'User-Name'});
$RAD_CHECK{'REALM'} = $realm;
$RAD_CHECK{'Stripped-User-Name'} = $login;
}
# Function to handle pre_proxy
sub pre_proxy {
&radiusd::radlog(1, "entering pre-proxy");
$RAD_REQUEST{'User-Name'} = 'testuser';
return RLM_MODULE_OK;
}
# Function to handle post_proxy
sub post_proxy {
&radiusd::radlog(1, "entering post-proxy");
$RAD_REPLY{'Framed-IP-Address'} = '10.10.1.1';
return RLM_MODULE_OK;
}
# Function to handle authorize
sub authorize {
#pre-process the packet
&sanitise();
if ($RAD_CHECK{'Realm'} == 'adsl.com'){
$RAD_CHECK{'Proxy-To-Realm'} = 'quik';
}
return RLM_MODULE_OK;
}
regards
pshemko
More information about the Freeradius-Users
mailing list